OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: swingline on June 12, 2018, 06:34:44 pm

Title: OpenVPN client
Post by: swingline on June 12, 2018, 06:34:44 pm
I switched over to OPNsense from pfSense for the XOR OpenVPN support. I have always used my own VPN server, so it wasn't that big of a deal to set up the server with the XOR patch and get it up and running.

The problem comes with setting up OPNsense as the client: the connection status says connected, but none of the LAN traffic is being routed through the connection. I am running in "Hybrid outbound NAT rule generation" and a couple of manual rules in the image attached. OpenVPN has also been assigned to its own interface as well.

It seems like the rules are set, and it is still just pushing all LAN traffic over the PPPoE. I have been chasing my tail on this one for a couple of weeks. So any help would be much appreciated; I'm sure I'm overlooking something undeniably obvious.

Code:
root@OPNsense:~ # pfctl -s nat
nat on ovpnc2 inet from 127.0.0.0/8 to any port = isakmp -> 10.8.0.2 port 1024:65535
nat on ovpnc2 inet from 10.0.0.0/24 to any -> 10.8.0.2 port 1024:65535
nat on pppoe1 inet from (igb1:network) to any port = isakmp -> XX.XX.XX.XX static-port
nat on pppoe1 inet from 127.0.0.0/8 to any port = isakmp -> XX.XX.XX.XX static-port
nat on pppoe1 inet from (igb1:network) to any -> XX.XX.XX.XX port 1024:65535
nat on pppoe1 inet from 127.0.0.0/8 to any -> XX.XX.XX.XX port 1024:65535
no rdr proto carp all
no rdr on igb1 proto tcp from any to (igb1) port = https
no rdr on igb1 proto tcp from any to (igb1) port = http
no rdr on igb1 proto tcp from any to (igb1) port = ssh
rdr on pppoe1 inet proto tcp from any to (pppoe1) port = 32400 -> 10.0.0.13 port 32400
rdr on pppoe1 inet proto udp from any to (pppoe1) port = 32400 -> 10.0.0.13 port 32400
rdr on pppoe1 inet proto tcp from any to (pppoe1) port = 3579 -> 10.0.0.56 port 3579
rdr on pppoe1 inet proto tcp from any to (pppoe1) port = 25568 -> 10.0.0.106 port 25568
rdr on pppoe1 inet proto udp from any to (pppoe1) port = 25568 -> 10.0.0.106 port 25568
rdr on pppoe1 inet proto tcp from any to (pppoe1) port = 4040 -> 10.0.0.41 port 4040
rdr on pppoe1 inet proto udp from any to (pppoe1) port = 4040 -> 10.0.0.41 port 4040
rdr on pppoe1 inet proto tcp from any to (pppoe1) port = 9090 -> 10.0.0.40 port 9090
rdr on pppoe1 inet proto udp from any to (pppoe1) port = 9090 -> 10.0.0.40 port 9090

Title: Re: OpenVPN client
Post by: kanstin on June 21, 2018, 04:50:28 am
Here are the rules that I have

root@opnsense:~ # pfctl -s nat | grep open
nat on openvpn inet all -> (openvpn:0) port 1024:65535 round-robin
rdr on openvpn inet proto tcp from any to (xn0) port = ssh -> 192.168.8.33 port 22
rdr on openvpn inet proto udp from any to (xn0) port = 3478 -> 192.168.7.1 port 3478

The last two are automatically generated rules. The screenshot shows my rule in the web interface.